Re: How unchecked conversion works?

[Kilgallen@SpamCop.net (Larry Kilgallen)]

In article <8PwGd.8282$pZ4.6177@newsread1.news.pas.earthlink.net>, Jeffrey Carter <spam@spam.com> writes:

> He had achieved everything except there was one small covert channel 
> available. A trusted user could set up a program that created a lot of 
> processes when it wanted to transmit a one, and no processes to transmit 
> a zero. The untrusted recipient would create a process from time to time 
> and see how many processes had been created, since process IDs were 
> sequential.

Analysis of such covert storage channels is actually required for
any assurance level above B1, not just for A1.

http://www.atis.org/tg2k/_covert_storage_channel.html

> It seems to me that this system was a success. Nothing stops the trusted 
> person from memorizing a block of data, going out of the secure area, 
> writing it down, and giving it to the recipient.

But the person doing that would know they were doing that.  No computer
system can prevent a human from releasing information they know, even if
they have to carry one bit a day out of the workplace based on which of
their pockets they use to store their wallet.

A trusted system (at the proper evaluation level) will prevent the person
from _inadvertantly_ releasing information, such as by running a trojan
horse spreadsheet program that performed the modulation you describe.